Database columns can be encrypted with keys that are created with user-defined or login passwords.
In each database, you can create a key that is used to encrypt columns. Creating a key on each database minimizes cross-database key integrity problems. Such key problems can happen in distributed systems, particularly when you are dumping and loading, or mounting and unmounting databases.
Using encryption keys with user-defined passwords creates a highly secure system where even database owners and system administrators cannot access encrypted data. You can also require that the key encryption method itself use a user-defined password.
Adaptive Server provides recovery for lost base-key passwords.
When data is encrypted, system security officers, key custodians, and users with permission to create encryption keys can also create base keys. System security officers can also grant base key creation permission to users with no other permissions.
Whoever creates the base key is the "key owner." To control access to encrypted data, only key owners and system security officers can change the base key password.
Key owners can give other users access to data by making copies of the base key, called key copies. A key copy is an additional password for the base key. That password can be changed as soon as the key copy is assigned to a user, who becomes the key-copy owner. Only the key-copy owner can change the key-copy password.
You can make key copies for designated users if you are the base key owner or a system security officer. Key copies of the base key are not new keys themselves; they are additional passwords for the base key. Key copy assignees should change their user-defined password for the key copy as soon as the key copy is assigned to them.
The key copy is encrypted with the login password as soon as the assignee logs in and accesses the key copy.
Key recovery requires you to create a special key copy designated for the recovery of the base key. This is called the recovery key. If you lose your password, use the recovery key to access the base key.
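The relationship between a base key, its key copies, and the recovery key can be modeled as one random key wrapped separately under each password. The Python model below is an added illustration, not Adaptive Server code: the PBKDF2 derivation, the XOR-plus-HMAC wrapping, and every name and password in it are assumptions made for the example, and permission checks (who may create or change which key) are not modeled.

```python
import hashlib, hmac, os

ITERATIONS = 50_000  # example value; tune for real password hashing

def derive(password, salt):
    # Password -> 64 bytes: 32-byte wrapping mask + 32-byte MAC key.
    d = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return d[:32], d[32:]

def wrap(base_key, password):
    salt = os.urandom(16)
    mask, mac_key = derive(password, salt)
    blob = bytes(a ^ b for a, b in zip(base_key, mask))  # toy wrap, not a real cipher
    return salt, blob, hmac.new(mac_key, blob, "sha256").digest()

def unwrap(entry, password):
    salt, blob, tag = entry
    mask, mac_key = derive(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, blob, "sha256").digest()):
        raise PermissionError("wrong password for this key copy")
    return bytes(a ^ b for a, b in zip(blob, mask))

class EncryptionKey:
    """One base key; every entry in self.slots is the same key under another password."""
    def __init__(self, owner, password):
        self.owner = owner
        self.slots = {("base", owner): wrap(os.urandom(32), password)}

    def open(self, kind, user, password):
        return unwrap(self.slots[(kind, user)], password)

    def add_copy(self, base_password, user, copy_password, kind="copy"):
        # Needs the base-key password; kind="recovery" marks the recovery key.
        base = self.open("base", self.owner, base_password)
        self.slots[(kind, user)] = wrap(base, copy_password)

    def change_password(self, kind, user, old, new):
        self.slots[(kind, user)] = wrap(self.open(kind, user, old), new)

    def recover(self, recovery_user, recovery_password, new_base_password):
        # Lost base password: re-wrap the base key via the recovery key.
        base = self.open("recovery", recovery_user, recovery_password)
        self.slots[("base", self.owner)] = wrap(base, new_base_password)

def demo():
    key = EncryptionKey("owner", "base-pw-1")        # constructed names/passwords
    original = key.open("base", "owner", "base-pw-1")
    key.add_copy("base-pw-1", "joe", "temp-pw")
    key.change_password("copy", "joe", "temp-pw", "joe-own-pw")
    key.add_copy("base-pw-1", "custodian", "recovery-pw", kind="recovery")
    key.recover("custodian", "recovery-pw", "base-pw-2")
    return (key.open("copy", "joe", "joe-own-pw") == original,
            key.open("base", "owner", "base-pw-2") == original)
```

In this model, changing a key-copy password or recovering the base key only re-wraps the same 32-byte key, so data encrypted under it never needs to be re-encrypted.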